Add a New User Activity Policy
Table of Contents
Add a New User Activity Policy
Learn how to create a new user activity policy to monitor user and administrator
activity.
User activity policies enable activity logging and activity alerting, depending on
the user activity support for the
specific SaaS app. You can track user activities that
compromise your organization. You can create a policy that sends email alerts or
creates an activity monitoring log entry
when a user downloads a large number of reports, or when a user tries to access a
SaaS application from a malicious IP address. There are numerous other examples that warrant activity
monitoring.
- To add a new policy, go to .Define the basic settings.
- Enter a Name for the policy.(Optional) Enter a Description for the policy.Specify a Severity for the policy ranging from Very Low, Low, Medium, High, and Critical..Verify that the Status is Enabled. A policy can be in the enabled or disabled state. After you add a new policy, you must enable the policy.Specify the Items to Detect.
- Select one of the following:
- Users—Applies the policy to users.
- Assets—Applies the policy to assets such as files or folders.
(Optional) Manage Exceptions for the policy. Enter the users or assets you want to exclude from the policy. For example, you might want to exclude Data Security administrators from user activity monitoring.Specify the match criteria for the activity.Specify the Action that you want Data Security to take:- Log Only (default)—For activity logging purposes, log the policy violation.
- Log and Send administrator alert—For activity alerting purposes, send an email for policy violations that require immediate action by one or more administrators. Data Security can send up to five emails per hour on matches against each policy.
Save your new policy.Save your changes.Data Security starts scanning files against the policy as soon as you save the changes. After the scan starts, you can start View Policy Violations for User Activity.
